When allowCredentials is true, allowedOrigins cannot contain the special value “*“ since that canno

2023-12-27 99 阅读 0 评论

问题：

后端配置跨域控制台抛出如下异常：

Resolved [java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value “*” since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to a set of origins, list them explicitly or consider using “allowedOriginPatterns” instead.]

原因：

当allowCredentials为true时，allowedOrigins不能包含特殊值“*”，因为它不能在“Access-Control-Allow-Origin”响应头中设置。

解决办法：

将配置中allowedOrigins替换为allowedOriginPatterns。

配置：

@Configuration
public class CorsConfig implements WebMvcConfigurer {
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOriginPatterns("*")
                .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
                .allowCredentials(true)
                .maxAge(3600)
                .allowedHeaders("*");
    }
}

转自：
https://blog.csdn.net/qq_59312178/article/details/126538648

When allowCredentials is true, allowedOrigins cannot contain the special value “*“ since that canno

相关文章

归档